Skip to content

Hide Navigation Hide TOC

Powershell Timestomp (c6438007-e081-42ce-9483-b067fbef33c3)

Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder.

Cluster A Galaxy A Cluster B Galaxy B Level
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Powershell Timestomp (c6438007-e081-42ce-9483-b067fbef33c3) Sigma-Rules 1
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2